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DETAILED ACTION 

1. Claims 1 -3 1 have been examined and are pending. 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

2. Claims 13-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed 
to non-statutory subject matter, as they do not fall under any of the statutory classes of 
inventions. The language in the claim raises an issue because the claims are directed merely to an 
abstract idea (i.e. a language stack and/or a program code) that is not tied to an article of 
manufacture which would result in a practical application producing a concrete, useful, and 
tangible result to form the basis of statutory subject matter under 35 U.S.C. 101. It appears that 
the claimed "A language stack" would reasonably be interpreted by one of ordinary skill in the 
art as software, per se. The claimed "A language stack" does not result in a tangible result, and 
are rejected as being directed to an abstract idea (i.e., producing non-tangible result). 

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 
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3. Claims 1-3 1 are rejected under 35 U.S.C. 102(b) as being anticipated by US 6,070,244 to 
Orchier et al. (hereinafter "Orchier"). 

As per claims 1, 28 and 19, Orchier teaches a system and a method for providing an 
enterprise-based security policy, the system comprising (Figs. 2, 3a and associated text): 

a central agent configured to retrieve a policy skin from a database and to transmit the 
policy skin to a host (Orchier, col 7, lines 33-36, where teaches that compliance, alert and query 
agents access the standardized information in database 76 and that (col. 8, lines 46-64) a 
maintenance agent abstraction facility commands the appropriate maintenance agent 92-a-92n to 
carry out the specific requests and/or commands); 

a data gathering engine configured to collect host data related to the host (col. 4, lines 
64-66, where the collection agents 72-a-72n use system utilities and/or APIs to extract from 
individual security domains specific data defining security information pertaining to system 
users); and 

a policy engine configured to execute the policy skin against the host data to determine 
security policy compliance (Orchier, col. 8, lines 65 through col. 9, line 25, Fig. 4i and 
associated text, where maintenance agent 92a-92n comprising platform specific software invokes 
the security processing of the native platforms to accomplish the work)). 

As per claim 2,Orchier teaches the system of claim 1, further comprising a host agent 
configured to transmit the host data and compliance information to the central agent (col. 4, lines 
63 through col. 5, line 6, where the collection agent abstraction facility 74 rationalizes the data 
collected by the collection agents 72-72n into standardized sets of data). 
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As per claim 3, Orchier teaches the system of claim 2, further comprising a scheduler 
configured to schedule when the data gathering engine collects the host data, when the policy 
engine executes the security policy and when the host agent transmits the host data and the 
compliance information to the central agent (coL 11, lines 1-13, where scheduling the starting of 
the program at a designated time of the day is disclosed.). 

As per claim 4, Orchier teaches the system of claim 2, wherein the central agent is 
further configured to transmit the host data and the compliance information to the database for 
storage (col. 5, lines 30-32, where the collection agent abstraction facility stores the information 
organized in the database 76). 

As per claim 5, Orchier teaches the system of claim 4, further comprising a report engine 
coupled to the database, the report engine configured to access the host data and the compliance 
information from the database and to generate a report based on the host data and the compliance 
information (col. 4, lines 23-31). 

As per claim 6, Orchier teaches the system of claim 1, wherein a central server includes 
the central agent, and the host includes the data gathering engine and the policy engine (col. 4, 
line 63 through col. 5, line 6, where the data collected by collection agents is passed to collection 
agent abstraction layer or facility 74, see also fig. 2 and associated text). 

As per claim 7, Orchier teaches the system of claim 1 , wherein the policy skin when 
retrieved from the database includes one or more policy strings, and the policy skin when 
executed includes the one or more policy strings translated into a general purpose language (col. 
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5, lines 7-22, where the collection agent abstraction facility 74 rationalizes the data collected by 
the collection agents into standardized sets of data). 

As per claim 8, Orchier teaches the system of claim 1 , wherein the policy skin when 
executed is configured to be compatible with an operating system running on the host (col. 4, 
lines 48-62). 

As per claim 9, Orchier teaches the system of claim 1, further comprising a remote 
access engine coupled to the database, the remote access engine configured to enable a third 
party to design, implement, monitor or maintain the policy skin (col. 13, lines 42-55). 

As per claim 10, Orchier teaches the system of claim 1, further comprising a policy 
editor coupled to the database, the policy editor configured to enable a user to create the policy 
skin using policy strings (col. 14, lines 1-13, where manual maintenance agent software is 
disclosed.). 

As per claim 11, Orchier teaches the system of claim 1, wherein the host is a member of 
a group (Fig 3a, where security domains 70a-70n is disclosed). 

As per claim 12, Orchier teaches lhe system of claim 1, wherein the central agent is 
configured to retrieve a high security level policy skin from the database and to transmit the high 
security level policy skin to the host in the event of a crisis or emergency (col. 13, lines 14-23). 

As per claim 13, Orchier teaches a language stack for providing an enterprise-based 
security policy, the language stack comprising: a policy strings layer configured to include policy 
strings; a policy definition language layer configured to include a policy definition language; a 
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first translator configured to parse policy strings into the policy definition language; a general 
purpose language layer configured to include a general purpose language; and a second translator 
configured to parse the policy definition language into the general purpose language (col. 2, lines 
16-35, see also col. 12, lines 34-50, Fig. 6a and associated text, see also col. 11, lines 1-24). 

As per claim 14, Orchier teaches the language stack of claim 13, wherein the general- 
purpose language comprises Python language (col. 9, lines 9-25, see also col. 11, lines 14-24). 

As per claim 15, Orchier teaches the language stack of claim 13, further comprising a 
system definition layer configured to include run- time libraries and support services (col. 4, lines 
63-67, wherein collection agents use system utilities and/or APIs). 

As per claim 16, Orchier teaches the language stack of claim 15, wherein an executable 
version of a policy skin includes one or more policy strings that have been translated into the 
general-purpose language (col. 14, lines 28-62). 

As per claim 17, Orchier teaches the language stack of claim 16, wherein the executable 
version of the policy skin is configured to call one or more run-time libraries or one or more 
support services from the system definition language when executed (col. 4, lines 63-67, wherein 
collection agents use system utilities and/or APIs). 

As per claim 18, Orchier teaches the language stack of claim 16, wherein the executable 
version of the policy skin is configured to be compatible with an operating system running on a 
host. (col. 8, lines 24-46, wherein the maintenance agent abstraction facility 90 converts the 
hardware and software instructions into general hardware and software instructions that pertains 
to the individual platforms, see also, col. 4, lines 23-27). 
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As per claim 21, Orchier teaches the method of claim 19, wherein the policy skin when 
executed includes one or more policy strings that have been translated into a general purpose 
language (col. 14, lines 28-62). 

As per claim 22, Orchier teaches the method of claim 21, wherein the policy skin when 
executed is configured to be compatible with an operating system running on the host (col. 8, 
lines 24-46, wherein the maintenance agent abstraction facility 90 converts the hardware and 
software instructions into general hardware and software instructions that pertains to the 
individual platforms, see also, col. 4, lines 23-27). 

As per claim 23, Orchier teaches the method of claim 19, further comprising the step of 
creating the policy skin, the policy skin including one or more policy strings (col, 14, lines 28- 
42, wherein examples of platform independent security maintenance categories and data are 
disclosedzO. 

As per claim 24, Orchier teaches the method of claim 23, wherein a policy editor or a 
remote access engine is used to create the policy skin (col. 14, lines 1-13, where manual 
maintenance agent software is disclosed.). 

As per claim 25, Orchier teaches the method of claim 19, further comprising the steps of 
receiving the host data and compliance information and storing the host data and compliance 
information in a database (Orchier, col. 5, lines 30-32, where the collection agent abstraction 
facility stores the information organized in the database 76). 

As per claim 26, Orchier teaches the method of claim 25, wherein the database resides in 
the central server (col. 12, lines 34-43, see also fig. 6a and associated text). 
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As per claim 27, Orchier teaches the method of claim 25, further comprising the steps of 
accessing the host data and compliance information from the database and generating a report 
based on the host data and compliance information (col. 4, lines 23-31, i.e. a report generator). 

As per claim 29, Orchier teaches the system of claim 28, further comprising means for 
creating the policy skin, the policy skin including one or more policy strings (col. 14, lines 28- 
42, wherein examples of platform independent security maintenance categories and data are 
disclosed). 

As per claim 30, Orchier teaches the system of claim 28, further comprising means for 
receiving the host data and compliance information and means for storing the host data and 
compliance information in a database (Orchier, col. 5, lines 30-32, where the collection agent 
abstraction facility stores the information organized in the database 76). 

As per claim 31, Orchier teaches the system of claim 30, further comprising means for 
accessing the host data and compliance information from the database and means for generating 
a report based on the host data and compliance information^ col. 4, lines 23-3 1) 

Conclusion 

4. Prior arts made of record, not relied upon: 
See enclosed PTO-892. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Taghi T. Arani whose telephone number is (571) 272-3787. The 
examiner can normally be reached on 8:00-5:30 Mon-Fri. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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